#!/usr/bin/env bash
# Stop on the first failing command, on any unset variable, and on a failure
# in any stage of a pipeline.
set -o errexit -o nounset -o pipefail

# PowerDNS HTTP API endpoint for the hexname.com. zone.
# Plain HTTP: the API key travels unencrypted, so this should stay on loopback.
API_URL='http://127.0.0.1:8081/api/v1/servers/localhost/zones/hexname.com.'

# The API key comes from the environment and is never stored in this file;
# the script aborts here with "API_KEY not set" when it is missing or empty.
: "${API_KEY:?API_KEY not set}"

# Queued record contents, grouped per record set.
# Key: "name|type|ttl"; value: one record content per line.
declare -A RRSETS
#######################################
# Queue one record for the next flush, grouped with every other record that
# has the same name, type and TTL.
# Globals:   RRSETS (written)
# Arguments: $1 - record type (e.g. A, TXT)
#            $2 - TTL in seconds
#            $3 - owner name
#            $4 - record content
#######################################
add_record() {
  local rtype=$1 rttl=$2 owner=$3 rdata=$4
  local slot

  # The TTL is part of the grouping key, so records that belong to the same
  # RRset must be queued with the same TTL to end up in one group.
  printf -v slot '%s|%s|%s' "$owner" "$rtype" "$rttl"

  # Contents are newline-terminated so several records can share one slot.
  RRSETS[$slot]="${RRSETS[$slot]-}${rdata}"$'\n'
}
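#######################################
# Send every queued record set to the PowerDNS API in a single PATCH request.
# Globals:   RRSETS (read), API_URL (read), API_KEY (read)
# Outputs:   the API response body on stdout, curl errors on stderr
# Returns:   non-zero when jq or curl fails, including on an HTTP error status
#######################################
flush_rrsets() {
  # Declared local so the loop does not leak or clobber variables named
  # key/name/type/ttl in the calling scope.
  local key name type ttl records_json
  local rrsets_json="[]"

  for key in "${!RRSETS[@]}"; do
    # Keys have the form "name|type|ttl".
    IFS='|' read -r name type ttl <<<"$key"

    # One JSON object per non-empty line of queued content.
    records_json=$(printf '%s' "${RRSETS[$key]}" \
      | sed '/^$/d' \
      | jq -R '{content: ., disabled: false}' \
      | jq -s '.')

    # --arg passes name and type as JSON strings, so their content is never
    # interpreted as jq syntax. --argjson parses the TTL as JSON, which sends
    # it as a number and makes jq fail if the value is not valid JSON.
    rrsets_json=$(jq \
      --arg name "$name" \
      --arg type "$type" \
      --argjson ttl "$ttl" \
      --argjson records "$records_json" \
      '. + [{
        name: $name,
        type: $type,
        ttl: $ttl,
        changetype: "REPLACE",
        records: $records
      }]' <<<"$rrsets_json")
  done

  # --fail: without it curl exits 0 on an HTTP 4xx/5xx answer, so a rejected
  # update (bad key, invalid record) would look like success to set -e.
  # On curl 7.76.0 or newer, --fail-with-body also keeps the API's error text.
  #
  # The key header is read from a process substitution (-H @file, curl 7.55.0
  # or newer) so the secret is not placed in curl's argument list, where other
  # local users could read it from the process table.
  jq -n --argjson rrsets "$rrsets_json" '{ rrsets: $rrsets }' \
    | curl -sS --fail -X PATCH \
      -H @<(printf 'X-API-Key: %s\n' "$API_KEY") \
      -H "Content-Type: application/json" \
      --data-binary @- \
      "$API_URL"
}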
# Record data for the zone. Arguments are: type, TTL, owner name, content.
# Single quotes mark every value as a literal; TXT contents carry their own
# double quotes as part of the record data.
# Records that share a name and type must use the same TTL, because the TTL
# is part of the key add_record groups them under.

# Delegation and apex address. 604800 s is one week, so resolvers may keep
# serving these answers for that long after a change.
add_record 'NS' 604800 'hexname.com.' 'ns1.hexname.com.'
add_record 'NS' 604800 'hexname.com.' 'ns2.hexname.com.'
# Disabled entries below use names outside hexname.com.; the PATCH goes to the
# hexname.com. zone URL, so they would presumably need their own zone - confirm.
# add_record "NS" 604800 "loves-beer.com." "ns1.hexname.com."
# add_record "NS" 604800 "loves-beer.com." "ns2.hexname.com."
# add_record "NS" 604800 "dickdns.org." "ns1.hexname.com."
# add_record "NS" 604800 "dickdns.org." "ns2.hexname.com."

add_record 'A' 604800 'hexname.com.' '188.245.239.209'
# add_record "CNAME" 604800 "loves-beer.com." "hexname.com."
# add_record "CNAME" 604800 "dickdns-org." "hexname.com."

# Addresses of the two name servers named in the NS records above.
add_record 'A' 604800 'ns1.hexname.com.' '188.245.239.209'
add_record 'A' 604800 'ns2.hexname.com.' '91.99.69.65'

# Mailserver records
add_record 'A' 3600 'mx.hexname.com.' '188.245.239.209'
add_record 'A' 3600 'email.hexname.com.' '188.245.239.209'
add_record 'A' 3600 'mta-sts.hexname.com.' '188.245.239.209'
add_record 'CNAME' 3600 'mail.hexname.com.' 'mx.hexname.com.'
add_record 'MX' 3600 'hexname.com.' '10 mx.hexname.com.'

# Site-verification tokens at the apex. They share one TXT RRset with the apex
# SPF record further down (same name, type and TTL).
add_record 'TXT' 3600 'hexname.com.' '"google-site-verification=yOG8oyjZY9hKDxSNiD730PD9HO-zsQz0xEke49U6lrM"'
add_record 'TXT' 3600 'hexname.com.' '"ahrefs-site-verification_eadd521586ff26f292e19c7a99f7feb5c22420c290ce62b452ce381b2f1b9c16"'

# MTA-STS policy indicator.
add_record 'TXT' 3600 '_mta-sts.hexname.com.' '"v=STSv1; id=20260127182600Z;"'

# DKIM public keys (selectors 202601e and 202601r); only public key material
# is published here.
add_record 'TXT' 3600 '202601e._domainkey.hexname.com.' '"v=DKIM1; k=ed25519; h=sha256; p=C30gZd1CbkUpIGInw/wZgZQD0pmUEnwTp+svCLm1oCk="'
add_record 'TXT' 3600 '202601r._domainkey.hexname.com.' '"v=DKIM1; k=rsa; h=sha256; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnyQRHisJtMpgRCAKAE5mfq63n1hvguiNheRrGWcLjEziA9r3M8oaxM71gDNeDEZj19yXlYBWlZZiPsdkMNsumFaElTt3E810JjZxvWslvRgCQ9qMK6lE4ytJZHXJD1a+g82/j4Pfu3C0iz0GfMvngXf03pDl5jWeScwfSFgvKx/0tRdzCAzwkSZfZaSKCh5bcvVwoxzXqHjz3zxwxDJGlUPoERymd18/7NkdRRfJZoqAo/aHdsh5JsYa8APtNIHjSjp2vUBPQnNrtx9+lI0qRnwdyrim8v8CRKin+QUW0sstWGuyqZxgxOGXO2Ek2fqTrpzVu2fu6pzGqJdbTVf5BQIDAQAB"'

# SPF for the mail host and for the apex; both end in a hard fail (-all).
add_record 'TXT' 3600 'mx.hexname.com.' '"v=spf1 a ra=spf-reports -all"'
add_record 'TXT' 3600 'hexname.com.' '"v=spf1 mx ra=spf-reports -all"'

# DMARC policy (p=reject) and SMTP TLS reporting address.
add_record 'TXT' 3600 '_dmarc.hexname.com.' '"v=DMARC1; p=reject; rua=mailto:dmarc-reports@hexname.com; ruf=mailto:dmarc-reports@hexname.com"'
add_record 'TXT' 3600 '_smtp._tls.hexname.com.' '"v=TLSRPTv1; rua=mailto:tls-reports@hexname.com"'

# Mail client service discovery.
add_record 'SRV' 3600 '_imaps._tcp.hexname.com.' '0 1 993 mx.hexname.com.'
add_record 'SRV' 3600 '_imap._tcp.hexname.com.' '0 1 143 mx.hexname.com.'
add_record 'SRV' 3600 '_submissions._tcp.hexname.com.' '0 1 465 mx.hexname.com.'
add_record 'SRV' 3600 '_submission._tcp.hexname.com.' '0 1 587 mx.hexname.com.'

# DANE for SMTP on port 25. "3 1 1" is DANE-EE / SubjectPublicKeyInfo / SHA-256,
# a pin on the server's public key: publish the new digest before that key is
# rotated, or DANE-validating senders will stop delivering.
add_record 'TLSA' 3600 '_25._tcp.mx.hexname.com.' '3 1 1 88151fff33b6c5b820d83b3030d55376f57085a154652a27089d9d9a71fe6a7e'
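# Create the zone.
# An HTTP error answer (for example because the zone already exists) does not
# stop the script, so re-runs keep working; -w prints the status code after the
# response body so a rejected request is still visible in the output.
# -sS hides the progress meter but keeps curl's own error messages.
# The key header is read from a process substitution (-H @file, curl 7.55.0 or
# newer) so the secret is not placed in curl's argument list, where other local
# users could read it from the process table.
# Content-Type is set explicitly because curl -d otherwise labels the body as
# application/x-www-form-urlencoded.
curl -sS -X POST \
  -H @<(printf 'X-API-Key: %s\n' "$API_KEY") \
  -H 'Content-Type: application/json' \
  -w '\nzone create: HTTP %{http_code}\n' \
  -d '{
    "name": "hexname.com.",
    "kind": "Native",
    "masters": [],
    "nameservers": [
      "ns1.hexname.com.",
      "ns2.hexname.com."
    ]
  }' \
  http://127.0.0.1:8081/api/v1/servers/localhost/zones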
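# Push all queued record sets to the API.
flush_rrsets

# Secure/update DNSSEC
# No -it here: the command reads no input, and asking for a TTY gets in the
# way when the script runs without a terminal (cron, CI, piped output).
# NOTE(review): if pdnsutil exits non-zero for a zone that is already secured,
# errexit makes a re-run of this script end in failure at this line - confirm,
# and handle that case explicitly if re-runs are expected.
sudo podman exec hexname-powerdns pdnsutil zone secure hexname.com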